Details by Rob Kendrick (86):

It’d be nice if I could tick a box in the login page to store a cookie in my browse such that I don’t need to log in again on another visit. May also need to then provide a “log off” button.

Changelog:

Modified by Andrew Hodgkinson (6) Mon, January 22 2007 - 14:41:56 GMT

“Remember me” schemes are notoriously problematic from a security standpoint – e.g. consider the internet café problem – which is why I haven’t yet implemented it. If it’s a major problem logging in for a large body of users it might be worthwhile but it is difficult to get right (so I won’t close this ticket just yet – it might get implemented).

There is already a “log off” button; when logged in, click on the “Account” icon at the top right of the header on any page. You’ll get to your account management pages, which include a “log off” option.

Modified by Andrew Hodgkinson (6) Mon, January 22 2007 - 14:42:21 GMT

Release changed from Prototype site to 2nd public site release

Modified by Andrew Hodgkinson (6) Mon, January 22 2007 - 14:44:00 GMT

Milestone changed from Unspecified to 2nd public site release completed

Modified by Rob Kendrick (86) Tue, January 23 2007 - 21:50:24 GMT

The internet café problem is why I suggested that it be optional. It should also default to off, as well as perhaps giving the user a warning that they shouldn’t use this feature on shared machines.

(Although the security of logging onto such things from a shared machine is questionable anyway.)

Modified by Andrew Hodgkinson (6) Wed, January 24 2007 - 21:42:29 GMT

Yes indeed. I notice that some sites have a half-way house, which does keep the user logged in for longer, but still not forever – one or two days, perhaps. In addition to your suggestions above, I think we’d be getting close to the right balance of utility and security.

Modified by Trevor Johnson (329) Wed, January 12 2011 - 14:03:03 GMT

Status changed from Open to Fixed

Summary changed from Option to log on "permanently" to Increase the Hub login timeout